<h1>
    Notice on the termination of the processing of personal data
</h1>

<p>
    PLEASE NOTE: The following notice applies from 1 May 2023. The privacy notice valid until 30
    April 2023 can be found below.
    All previous versions of the privacy notice can be found at: <a
        href="https://www.coronawarn.app/en/privacy">https://www.coronawarn.app/en/privacy</a>
</p>

<p>
    <strong>1. Termination of data processing</strong>
</p>
<p>
    On 1 May 2023, the Corona-Warn-App will go into sleep mode. This will reduce the previous range
    of features. Most features, including the warning feature and test result retrieval, will no
    longer be available.
</p>
<p>
    Data processing on the server system of the Robert Koch Institute (RKI), which is required for
    these features, will stop when the sleep mode begins. From this point on, the RKI will no longer
    process any personal data in connection with these features. The personal data stored on the RKI
    server system for these features will be deleted completely.
</p>
<p>
    However, you will still have access to the COVID certificates stored in the Corona-Warn-App, and
    any entries in the contact journal, for as long as the app is installed on your smartphone. You
    will not, however, be able to store new COVID certificates in the app and you will not receive
    any COVID certificate renewal notices. If you want to continue using the stored COVID
    certificates and the contact journal, please refer to the notes at the end of this section.
</p>
<p>
    When sleep mode is activated, the Corona-Warn-App will disable your operating system’s COVID-19
    exposure notification system, which is used to send out exposure data and record encounters
    (iPhone: “Exposure Notifications”; Android smartphones: “COVID-19 Exposure Notifications”). You
    can also disable the COVID-19 exposure notification system yourself at any time in your
    operating system settings. Your operating system automatically deletes the exposure data stored
    on your smartphone after 14 days. If you wish to delete it earlier, you can do so manually in
    your operating system settings or uninstall the Corona-Warn-App.
</p>
<p>
    The exchange servers of the countries that participated in the transnational warning system have
    already been switched off. All personal data processed in connection with the transnational
    warning system has been deleted.
</p>
<p>
    From 1 June 2023, the Corona-Warn-App will not be developed any further.
</p>
<p>
    <u>
        Notes on using the features for digital COVID certificates and the contact journal from 1
        May 2023:
    </u>
</p>
<ul>
    <li>
        You can still use the export features to back up your stored digital COVID certificates and
        entries in your contact journal. If you wish to present a digital COVID certificate as
        proof, please note the information in Section 6 h. of the
        privacy notice below on the secure handling of certificates, and please only have
        certificates scanned with a suitable verification app.
    </li>
    <li>
        If you want to completely delete the entries stored in the contact journal on your
        smartphone and the stored digital COVID certificates, please uninstall the Corona-Warn-App.
    </li>
    <li>
        Please note that the Corona-Warn-App will be removed from app stores in the next few weeks.
        You will not be able to reinstall the app.
    </li>
</ul>
<p>
    <strong>2. Who will receive your data?</strong>
</p>
<p>
    From 1 May 2023, the RKI will no longer process personal data for the operation of the
    Corona-Warn-App. In sleep mode, the Corona-Warn-App will no longer transmit data to the RKI’s
    server system or to other recipients. The Corona-Warn-App will only process your data (entries
    in the contact journal and stored COVID certificates) on your smartphone.
</p>
<p>
    <strong>3. How can you withdraw your consent?</strong>
</p>
<p>
    Once the Corona-Warn-App is in sleep mode, it will no longer be possible – but also no longer
    necessary – to withdraw consent given in the app. This is because the processing operations
    based on your consent will not continue after 30 April 2023 and the personal data stored with
    your consent on the RKI server system until that date will be automatically deleted.
</p>
<p>
    <strong>4. Your rights under data protection law</strong>
</p>
<p>
    In sleep mode, the RKI will no longer process any personal data for the operation of the
    Corona-Warn-App. As soon as your personal data stored on the RKI server system is deleted, your
    statutory data protection rights (Art. 15, 16, 17, 18, 20 and 21 GDPR) will therefore no longer
    apply.
</p>
<p>
    If you have any questions about the processing of your data by the RKI, you can still contact
    the official RKI data protection officer (Art. 38(4) GDPR). You also have the right to lodge a
    complaint with a data protection supervisory authority. To do so, you can for example contact
    your local supervisory authority, or the authority responsible for the RKI directly. The
    supervisory authority responsible for the RKI is the Federal Commissioner for Data Protection
    and Freedom of Information, Graurheindorfer Straße 153, 53117 Bonn.
</p>
<p>
    <strong>5. Data protection officer and contact</strong>
</p>
<p>
    If you have any questions or concerns regarding data protection, you are welcome to send them to
    the RKI’s official data protection officer by post to: Robert Koch-Institut, FAO the data
    protection officer, Nordufer 20, 13353 Berlin, or by emailing: <a
        href="mailto:datenschutz@rki.de">datenschutz@rki.de</a>.
</p>

<hr>

<h1>Privacy notice</h1>
<p>
    Version 3.2.0 (valid until 30 April 2023)
</p>
<p>
    This privacy notice explains how your data is processed and what data protection rights you have
    when using the German Federal Government’s official coronavirus app, the Corona-Warn-App.
    It covers the following topics:
</p>
<p>
    <strong>1. Who is the Corona-Warn-App published by?</strong>
</p>
<p>
    <strong>2. Is using the app voluntary?</strong>
</p>
<p>
    <strong>3. On what legal basis is your data processed?</strong>
</p>
<p>
    <strong>4. Who is the app aimed at?</strong>
</p>
<p>
    <strong>5. What data is processed?</strong>
</p>
<p>
    <strong>6. Why is your data processed?</strong>
</p>
<p>
    <strong>7. What permissions does the app require?</strong>
</p>
<p>
    <strong>8. When will your data be deleted?</strong>
</p>
<p>
    <strong>9. Who will receive your data?</strong>
</p>
<p>
    <strong>10. Is your data transferred to countries outside the EU?</strong>
</p>
<p>
    <strong>11. How can you withdraw your consent?</strong>
</p>
<p>
    <strong>12. What other rights do you have under data protection law?</strong>
</p>
<p>
    <strong>13. Data protection officer and contact</strong>
</p>
<p>
    To make sure that this text can be understood by all users, we have made
    every effort to make it simple and as non-technical as possible.

</p>
<h2>
    1. Who is the Corona-Warn-App published by?

</h2>
<p>
    This app is published by the Robert Koch Institute (<strong>RKI</strong>)
    for the German Federal Government. The RKI is also responsible for ensuring
    that your personal data is processed in accordance with data protection regulations.

</p>
<h2>
    2. Is using the app voluntary?

</h2>
<p>
    Using the app is voluntary. It is entirely up to you whether you install the app, which of the
    app’s features you use, and whether you share data with others. As a matter of principle, all
    of the app’s main features that require the transfer of your personal data will obtain your
    express consent in advance.
</p>
<p>
    In the context of the official digital COVID certificates (COVID test certificate, COVID
    vaccination certificate and COVID recovery certificate), new legal requirements apply to the
    creation of the certificates. For this reason, no additional consent is required in this
    context. However, the certificates will only be created if you wish for this to happen.
    Requesting and using digital COVID certificates is voluntary.
</p>
<p>
    If you do not give your consent, if you subsequently withdraw it, or if you do not request any
    digital COVID certificates, this will not result in any disadvantages for you.
</p>
<h2>
    3. On what legal basis is your data processed?

</h2>
<p>
    As a matter of principle, your data will only be processed in connection with the app’s features
    if you have consented to this. This includes, for example, data processing for exposure logging
    and warning others, verifying COVID certificates for ticket bookings and processing data in
    COVID certificates when updating certificates (see Section 6 o.). The legal basis in each case
    is Art. 6(1) Sentence 1(a) GDPR and, in the case of health data, Art. 9(2)(a) GDPR. Please refer
    to Section 11 for information about your right of withdrawal.
</p>
<p>
    In the context of the official digital COVID certificates (COVID test certificate, COVID
    vaccination certificate and COVID recovery certificate), data processing is mainly regulated by
    law. The creation and confirmation of vaccination certificates is based on Art. 9(2)(g) GDPR in
    conjunction with Sect. 22a(5) of the Infection Protection Act (IfSG). The creation and
    confirmation of test certificates is based on Art. 9(2)(g) GDPR in conjunction with Sect. 22a(7)
    IfSG. The creation and confirmation of recovery certificates is based on Art. 9(2)(g) GDPR in
    conjunction with Sect. 22a(6) IfSG. The processing of access data in connection with the feature
    for verifying certificates, for checking the rules on booster vaccination recommendations, and
    for providing information about updating certificates is based on Art. 6(1) Sentence 1(e) GDPR
    in conjunction with Sect. 3 of the German Federal Data Protection Act (BDSG). Temporary storage
    of the hash values of the signatures of the updated and new certificates (see Section 6 o.) is
    carried out on the basis of Sect. 22(1)(c) BDSG and Art. 9(2)(i) GDPR.
</p>
<p>
    On the basis of Art. 6(1) Sentence 1(e) GDPR in conjunction with Sect. 3 of the German Federal
    Data Protection Act (BDSG), the processing of access data for the provision of daily statistics
    (see Section 6 f.) is performed as part of the RKI’s duty to inform the public pursuant to Sect.
    4(4) of the Act on Successor Agencies to the Federal Health Agency (BGA-NachfG).
</p>
<h2>
    4. Who is the app aimed at?

</h2>
<p>
    The app is aimed at people who are resident in Germany and at least 16
    years old.

</p>
<h2>
    5. What data is processed?

</h2>
<p>
    The app’s entire system has been programmed in such a way that the core features process as
    little personal data as possible. This means that, when you use exposure logging, warn other
    users, or retrieve a test result, the system does not need to collect any data that would allow
    the RKI or other users to infer your identity, your name, your location or other personal
    details.
</p>
<p>
    Exceptions apply to the additional feature for proving a rapid test result, which allows you to
    display a confirmation issued in your name for negative rapid test results (see Section 6 c.),
    the feature for creating a rapid test profile, which allows you to provide a testing point with
    the data required to perform a rapid test (see Section 6 d.), and if you add digital COVID
    certificates in the app (see Section 6 h.) or update them (see Section 6 o.) or have these
    verified when booking tickets (see Section 6 k.).
</p>
<p>
    The app refrains by default from using analysis tools to evaluate the way you use it. Only if
    you expressly agree to voluntarily share data or to record an error report and share it with the
    RKI (see Sections 5 l. and 5 n.), will certain data about your use of the app be transmitted to
    the RKI.
</p>

<p>
    The data processed by the app can be grouped into the following categories:

</p>
<h3>
    a. Access data

</h3>
<p>
    Every time the app exchanges data over the internet with the RKI’s server
    system (hereinafter referred to as the <strong>server system</strong>), the
    server system processes so-called access data. This is necessary so that
    the app can retrieve current data (e.g. for warnings) or transmit certain
    data stored on your smartphone to the server system. This access data
    includes the following:
</p>
<ul>
    <li>
        IP address
    </li>
    <li>
        Date and time of retrieval
    </li>
    <li>
        Transmitted data volume (or packet length)
    </li>
    <li>
        Notification of whether the data exchange was a success.
    </li>
</ul>
<p>
    This access data is processed to maintain and secure the technical
    operation of the app and the server system. You will not be identified
    personally as a user of the app and no user profile will be created. Your
    IP address will not be stored beyond the end of the usage procedure.

</p>
<p>
    In order to prevent unauthorised parties from using your IP address to
    associate your data with you when you use the app, the app only ever
    accesses the server system via a special access server. This access server
    then forwards the data requested or transmitted by the app to the
    appropriate server, but without your IP address, meaning that your IP
    address is no longer processed within the server system.

</p>
<h3>
    b. Exposure data

</h3>
<p>
    As soon as you enable your iPhone’s or your Android smartphone’s COVID
    exposure notification system (which is called “Exposure Notifications” or
    “COVID Exposure Notifications” respectively), your smartphone transmits
    so-called exposure data via Bluetooth, which other smartphones in your
    vicinity can record. Your smartphone, in turn, also receives the exposure
    data of other smartphones. The exposure data transmitted by your smartphone
    comprises:
</p>
<ul>
    <li>
        Random identification numbers (hereinafter referred to as <strong>random IDs</strong>)
    </li>
    <li>
        Bluetooth protocol version
    </li>
    <li>
        Bluetooth transmit power in decibel-milliwatts (dBm).
    </li>
</ul>
<p>
    If exposure to another smartphone is recorded, the exposure data also
    includes:
</p>
<ul>
    <li>
        Day, time and duration of the contact
    </li>
    <li>
        Bluetooth signal strength in dBm.
    </li>
</ul>
<p>
    The random IDs are changed regularly. This helps prevent your
    smartphone from being identified using these random IDs. The exposure
    data transmitted by your smartphone and the exposure data recorded when
    you come into contact with other app users are stored on your
    smartphone and deleted after 14 days. The exposure data transmitted by
    your smartphone is processed in the same way when it is recorded by the
    smartphones of other app users.
</p>
<p>
    Please note: the COVID exposure notification system functionality is
    part of your operating system. The providers responsible for this system
    are therefore Apple (if you have an iPhone) and Google (if you have an
    Android smartphone). In this respect, the data processing is subject to
    these companies’ own privacy policies, which means that the RKI is not
    responsible for this and has no influence on it. Depending on the version
    and configuration of your operating system, the actual names, operating
    steps and settings options may differ from those described in this privacy
    notice. More information is available from the respective providers:
</p>
<ul>
    <li>
        If you have an Android smartphone, you can find information from Google
        on your device by going to “Settings” &gt; “Google” &gt; “COVID
        exposure notifications” and tapping on “Learn more”.
    </li>
    <li>
        If you have an iPhone, you can find information from Apple on your
        device by going to “Settings” &gt; “Exposure Notifications” and tapping
        on “How Exposure Notifications work ...”.
    </li>
</ul>
<h3>
    c. Rapid test data
</h3>
<p>
    If you have taken rapid antigen tests at a testing point, you can retrieve the results of these
    through the app. If you choose to use this service, your testing point will generate an
    individual QR code for you to scan with the app. The QR code contains a unique code for your
    rapid test, and the time you were tested, in encoded form. If, in the event of a negative rapid
    test result, you wish to have the test result displayed along with your name in the app for
    verification purposes (see Section 6 c. for more information about this feature), the QR code
    will contain further data provided by you in encoded form. You can also use the app to retrieve
    the test results of family members. The name of the family member that you enter in the app is
    only stored locally on your smartphone. You cannot warn other users based on a positive test
    result of a family member.
</p>
<h3>
    d. Rapid test profile
</h3>
<p>
    You can store information about yourself in your rapid test profile in the app. The rapid test
    profile includes the following fields: first name, last name, date of birth, street and house
    number, postcode, town, phone number, email address. The app then converts your data into your
    personal QR code, which contains all the data you have entered. Creating a rapid test profile in
    the app, and using it at a testing point, are voluntary. You decide yourself which data you
    enter in your rapid test profile. The QR code only contains this data. If the testing point
    requires more information that is not contained in the QR code, you can also provide this to the
    testing point in another way.
</p>

<h3>
    e. Event data
</h3>
<p>
    If you visit an event (such as a party or concert) or a place (such as a shop or restaurant),
    you can record your stay there in the app. Event organisers and business owners can provide
    guests with a QR code for this purpose.
</p>
<p>
    As a guest, you can “check in” when you arrive by simply scanning this QR code with the app.
    When leaving the event or place, you can “check out” again in the app. The app then remembers
    that you were at that event or place, and when you were there. If a guest later tests positive
    for coronavirus and activates the warning feature via their app, then all other guests who were
    checked in at the same time will receive a warning.
</p>
<p>
    If you scan a QR code as a guest, the event details provided by the host (name of the
    event/place, address/location, typical length of stay and, if applicable, the time when the
    event started) as well as the check-in time will be stored on your smartphone. In addition, your
    app will derive an encrypted identifier (hereinafter referred to as the event ID) that can be
    uniquely assigned to the event based on the information contained in the QR code. No conclusions
    about the event or the place can be drawn from the event ID. When you check out in the app or
    are automatically checked out after the time preset by the host, the check-out time will be
    stored on your smartphone.
</p>
<p>
    An entry will also be created in your contact journal by default. Sections 5 g. and 6 g. explain
    this in more detail. If you do not want to create an entry in your contact journal for an event
    or place, you can simply switch off this feature using the corresponding toggle switch.
</p>
<p>
    Under “My check-ins”, you can check and delete your previous check-ins and also adjust the
    check-out time.
</p>
<p>
    As a host, you can create a QR code for your guests to check in to your event or place.
</p>
<p>
    The QR code for the event or place contains the event details provided by you as well as a
    random code. The random code ensures that different places and events for which the same event
    details have been entered will later have different event IDs. The QR codes you create are
    stored on your smartphone. Under “My QR codes”, you can delete the QR codes you have created at
    any time. However, please remember that you will require a QR code to warn your guests who were
    checked in at the event or place.
</p>

<h3>
    f. Health data

</h3>
<p>
    Health data is any data containing information about a person’s health.
    This includes not only information about past and current illnesses, but
    also about a person’s risk of illness (such as the risk that a person has
    been infected with coronavirus). The app processes health data in the
    following cases:
</p>
<ul>
    <li>
        When a possible exposure is identified
    </li>
    <li>
        If you use the app to retrieve a test result
    </li>
    <li>
        If you use the app to warn other users, and guests of events or places you visited at the
        same time, that they may be infected
    </li>
    <li>
        If you provide information about the onset of any coronavirus symptoms or
    </li>
    <li>
        If you add digital COVID certificates (vaccination certificates, test certificates or
        recovery certificates) in the app.
    </li>
</ul>
<p>
    Section 6 explains this in more detail.

</p>
<h3>
    g. Entries in the contact journal

</h3>
<p>
    If you use the contact journal to note when and where you met certain people and record certain
    details of the encounter or contact details for people and places, this information is stored in
    encrypted form on your smartphone. The contact journal entries are only there to help you
    remember. The RKI and other agencies cannot gain access to entries in the contact journal. The
    contact journal can help you to keep track of your personal contacts over the last 14 days. If
    you test positive for coronavirus and the public health office (Gesundheitsamt) requests your
    assistance with contact tracing, then you can quickly provide the information it needs.

</p>
<p>
    Using the contact journal is voluntary. You personally decide whether to store entries in the
    contact journal. In this respect, you are also responsible for what you record. For this reason,
    we kindly ask you to respect the privacy of the people you include in your contact journal. You
    should not share your entries with third parties or via insecure communication channels. The
    competent public health office will tell you what information it needs from you for contact
    tracing purposes, and how you can provide it.

</p>
<h3>
    h. Data about your COVID vaccination (data in the COVID vaccination certificate)

</h3>
<p>
    In the app, it is possible to add your official vaccination certificates (digital COVID
    certificates). Requesting a digital vaccination certificate is voluntary. If you choose to use
    this service, you will receive a printout with a QR code at the time of your vaccination. This
    will contain the following data about your COVID vaccination in encoded form:
</p>
<ul>
    <li>
        Personal data (last name, first name, date of birth)
    </li>
    <li>
        Information about the vaccine (disease, vaccine, product, manufacturer)
    </li>
    <li>
        Vaccination information (dose number, total doses, date of vaccination, country, issuer)
    </li>
    <li>
        The RKI’s electronic signature
    </li>
    <li>
        Unique vaccination certificate identifier.
    </li>
</ul>
<p>
    The data will be stored in the app as soon as you scan the QR code for the digital vaccination
    certificate. This data will have been collected previously at the time of your vaccination.
</p>
<h3>
    i. Data about your recovery (data in the COVID recovery certificate)
</h3>
<p>
    In the app, it is possible to add your official recovery certificates (digital COVID recovery
    certificates). Requesting a digital recovery certificate is voluntary. After requesting the
    recovery certificate, you will receive a printout with a QR code from the doctor. This will
    contain the following data about your recovery in encoded form:
</p>
<ul>
    <li>Personal data (last name, first name, date of birth)</li>
    <li>Date of testing</li>
    <li>Information about the test, including the type of test, and the issuer</li>
    <li>The RKI’s electronic signature</li>
    <li>Unique recovery certificate identifier.</li>
</ul>
<p>
    The data will be stored in the app as soon as you scan the QR code of the digital recovery
    certificate. This data will have been collected from you by the doctor when you requested the
    certificate.
</p>

<h3>
    j. Data in the COVID test certificate
</h3>
<p>
    You request official test certificates (digital COVID test certificates) through the app.
    Requesting a digital test certificate is voluntary and only possible if a negative test result
    is available. You will then receive your test certificate with a QR code in the app. This
    contains the following data about your test result:
</p>
<ul>
    <li>Personal data (last name, first name, date of birth)</li>
    <li>Information about the test (disease, type of test, product, manufacturer)</li>
    <li>Information about the testing procedure (date and time of the test, location of the testing
        centre)
    </li>
    <li>Test result</li>
    <li>The RKI’s digital signature</li>
    <li>Unique test certificate identifier.</li>
</ul>
<p>
    The data is stored in the app as soon as your test result is available.
</p>
<h3>
    k. Booking information
</h3>
<p>
    If you make a booking via the internet with a travel or event company or other provider, you can
    use the app to prove to the provider that you have a valid digital COVID certificate
    (verification of certificates for ticket bookings). To do this, you will need to have added a
    digital COVID certificate in the app. In addition, the provider must be connected to a
    verification service.
</p>
<p>
    To check the certificate, you will require a special QR code which you will receive from the
    provider as part of the booking process. This QR code contains a unique transaction ID, a short
    description of the booking (e.g. “booking number 1234”) and an internet address (URL).
</p>
<p>
    The app uses this information to retrieve technical specifications from the provider as well as
    the following booking information for consideration when verifying the COVID certificate:
</p>
<ul>
    <li>Your name</li>
    <li>Your date of birth</li>
    <li>Information about the date of the required validity of the COVID certificate (date of travel
        or date of event)
    </li>
    <li>For travel: Country of origin and country of destination</li>
    <li>Proof requirements, i.e. in particular the types of certificate suitable for proof, e.g.
        vaccination certificate (in the case of cross-border travel, also the requirements of the
        destination country)
    </li>
    <li>For certain bookings, information on the type of event is also shared (e.g. concert or major
        event).
    </li>
</ul>
<p>
    The provider decides which specific information will be used to verify the COVID certificate,
    and which COVID certificates are permitted as proof.
</p>
<h3>
    l. Usage Data (data sharing)

</h3>
<p>
    If you enable data sharing, the app will transmit certain data about your use of the app
    (hereinafter referred to as usage data) once a day to the RKI. This usage data concerns the
    possible exposures displayed by the app, warnings that have been received and triggered, test
    results that have been retrieved, and technical information about your smartphone’s operating
    system. Specifically, the usage data includes:
</p>
<ul>
    <li>The date when you shared the data (i.e. the date of transmission)</li>
    <li>Changes to the warning history compared to the previous day</li>
    <li>What risk status was shown to you at the time when you used the data sharing feature</li>
    <li>Information about which encounters served as a basis on which to calculate the risk status
    </li>
    <li>Information about the model and version of your smartphone and the version of your app as
        well as the operating system you are using.
    </li>
</ul>
<p>
    If you retrieved a test result via the app:
</p>
<ul>
    <li>Whether the test result was positive or negative</li>
    <li>What risk was shown to you at the time when you registered the test</li>
    <li>How much time has passed since the last possible exposure and its display in the app until
        the relevant test registration
    </li>
    <li>Whether you have used the feature for warning others and, if so, which step you reached in
        the process (e.g. the part that asks about your symptoms)
    </li>
</ul>
<p>
    If you have used the warning feature:
</p>
<ul>
    <li>Whether you provided information about the onset of symptoms</li>
    <li>When you gave your consent to warn others (before or after registering the test)</li>
    <li>Whether you completed the entire warning process or whether you aborted the process before
        the end (for example, because you did not wait for confirmation that your data had been
        successfully transmitted)
    </li>
    <li>
        The test type that was the basis for the warning
    </li>
    <li>How many hours it took before you received your test result after registering your test</li>
    <li>How many days passed since the last notification of an elevated risk before the warning
        feature was used
    </li>
    <li>How many hours have passed since the test was registered</li>
</ul>
<p>
    In addition, you can provide further optional information about your region and age group, which
    will be transmitted to the RKI together with the usage data.
</p>
<h3>
    m. Participation in a survey
</h3>
<p>
    The RKI offers some app users the opportunity to participate in a survey. This offer to participate in
    the survey will usually be contingent on certain events registered in the app (e.g. an elevated
    risk being displayed). By taking part in the survey, you will help the RKI to assess the
    effectiveness of the app, to improve the app and, for example, to understand whether and how
    warnings sent via the app help to prevent further infections.
</p>
<h3>
    n. Contents of the error reports
</h3>
<p>
    To assist the app’s technical support team with error analysis, you can record an error report
    in the app. When you start recording the error report, a comprehensive record is made of
</p>
<ul>
    <li>
        the steps you take in the app,
    </li>
    <li>
        the technical steps and processes as well as status messages involving
        <ul>
            <li>
                exposure logging (e.g. involving the functioning of the processing of exposure data,
                the calculation of the risk of infection, the updating of the positive lists, the
                display of the calculated risk status),
            </li>
            <li>
                the retrieval and display of test results, and
            </li>
            <li>
                possible processes for warning others (e.g. the calculation of transmission risk
                values and the technical provision of your random IDs by your smartphone)
            </li>
        </ul>
    </li>
</ul>
<p>
    and stored on your smartphone. The error report may also contain health data, because the
    technical steps and processes related to the detection of a possible exposure are also recorded.
</p>
<p>
    However, the error report does not contain information about QR codes for test registration, the
    token stored in your app (see “Retrieving a test result” in Section 6 b. below), rapid test
    results, digital COVID certificates and entries in your contact journal. Furthermore, the error
    report does not contain your name or other information with which the RKI can identify you.
</p>
<p>
    You can stop recording the error report and delete the error report at any time. If you choose
    to share the error report with the RKI, you will receive an identifier for your error report
    (error report ID) via the app. The error report ID allows the RKI to assign your error report to
    further information that you provide separately to the technical support team, e.g. if you also
    wish to provide a description of the error by email. If you provide your error report ID to the
    technical support team, it may be possible to establish a link to you based on this further
    information.
</p>
<h3>
    o. Authentication by the operating system
</h3>
<p>
    Before you can use some of the app’s features, the authenticity of your app first needs to
    be checked and confirmed to the RKI. Specifically, this authentication by the operating system
    serves to determine whether you are using a manipulated or counterfeit (“fake”) version of the
    app. Your smartphone generates a unique identifier and sends it to your operating system
    provider (if you use an Android smartphone, data is transmitted to Google; if you use an
    iPhone, data is transmitted to Apple). The identifier contains information about the version
    of your smartphone and the version of the app. If this feature of the operating system is
    available, your operating system provider can infer your identity from the identifier and
    learn that the app has requested authentication. The RKI does not provide your operating
    system provider with any information from the app, such as exposure data.
</p>

<h2>
    6. Why is your data processed?

</h2>
<h3>
    a. Exposure logging

</h3>
<p>
    Exposure logging is part of the app’s main functionality. It serves to warn you of
    possible exposure to people who have tested positive for coronavirus (“possible
    exposures”), to assess the risk that you have been
    infected as a result of the exposure, and to provide you with health advice and
    recommendations for what to do next.

</p>
<p>
    For this purpose, the app retrieves an up-to-date positive list from the server system several
    times a day. This list contains information from users who have used the warning feature in an
    official coronavirus app (see Section 7). This positive list contains the random IDs of users
    who have activated the warning feature and, if applicable, information about the onset of
    symptoms. If the users who have activated the warning feature were checked in at events, or if
    the host of an event or place warns other users, then the positive list also contains the
    relevant event IDs and the duration of the check-ins (check-in and check-out times).
</p>
<p>
    The random IDs and event IDs on the positive lists also contain a transmission risk value and an
    indication of the type of diagnosis (see Section 6&nbsp;e.).
</p>
<p>
    The app passes the random IDs from the positive list to the COVID-19 exposure
    notification system, which compares them with the random IDs it has recorded
    from your encounters with other users. If the COVID-19 exposure notification
    system detects a match, it transfers to the app the exposure data recorded
    for the possible exposure in question.
</p>
<p>
    Similarly, the app matches event IDs from the positive list with the event IDs from your
    check-ins to determine whether you were at an event or place at the same time as users who have
    tested positive for coronavirus.
</p>
<p>
    The app evaluates this exposure data, event IDs (including the associated check-in and check-out
    times) as well as the information on the positive lists (transmission risk value; information
    about the onset of symptoms) in order to determine your risk of infection. The rules for
    evaluating this information (for example, how the duration of a contact influences the risk of
    infection) are based on the RKI’s latest scientific findings. In the event of new findings, the
    RKI can update the evaluation rules by adjusting the evaluation settings in the app. In this
    case, the new evaluation settings are sent to the app together with the positive lists.
</p>
<p>
    The risk of infection is calculated exclusively offline in the app and is not
    passed on to the COVID-19 exposure notification system or any other recipient
    (including the RKI, other health authorities, Apple, Google and other third parties).

</p>
<p>
    If a risk of infection is identified for you, this will be displayed in the app. If an elevated
    risk is displayed, this means that you encountered one or more other users who later tested
    positive for coronavirus and used the warning feature in their app, or that such users were
    checked in at an event or place at the same time as you.
</p>
<p>
    The risk calculated for each of the last 14 days is displayed in the calendar view of the
    contact journal. Please refrain from drawing false conclusions about the source of any risk: a
    risk calculated and displayed for a certain day may well be due to your having encountered users
    unknown to you without realising it, and will not necessarily have anything to do with the
    people, places or events you recorded in the contact journal.
</p>
<h3>
    b. Retrieving a test result

</h3>
<p>
    If you have taken a coronavirus test (PCR test or rapid antigen test) and registered this test
    in the app using the QR code, you can retrieve your test result via the app.
    The app will notify you as soon as your test result is available. For this to work, the testing
    facility (e.g. testing laboratory or testing point) needs to be
    connected to the server system and, as part of the testing procedure, you must have given
    separate consent to your test result being sent. It is not possible to display test results from
    testing facilities that are not connected to the app’s server system. If you have not received a
    QR code, then you cannot use this feature either.
</p>
<p>
    <u>Scanning the QR code</u>

</p>
<p>
    In order to retrieve your test result via the app, you will need to scan the QR code using the
    app. The QR code contains a code number that is read during scanning and is assigned to your
    test. If the test is a rapid antigen test, then the QR code will also contain the rapid test
    data described in Section 5 c. After reading the code number, the app ‘hashes’ it. This means
    that the app performs a certain mathematical procedure in order to convert the code number in
    such a way that it can no longer be identified. However, it is still possible to clearly assign
    the hashed code number to your test result. As soon as your smartphone is connected to the
    internet, the app will transmit the hashed code number to the server system. The server system
    then provides a digital access key (a so-called token), which is stored in the app. The token is
    linked to the hashed code number in the server system. The app now deletes the code number that
    has been hashed on your smartphone and keeps only the token. Once the QR code has been used in
    this way, it becomes invalid and can no longer be used by anyone. This ensures that no other
    users can use your QR code to retrieve your test result.

</p>
<p>
    <u>Filing of the test result</u>

</p>
<p>
    As soon as your test result is available, the testing facility stores it in the RKI’s test
    result database using only the hashed code number. The test result database is located on a
    special server within the server system. The testing facility generates the hashed code number
    based on the same QR code that you received.

</p>
<p>
    <u>Retrieval of the test result</u>

</p>
<p>
    Using the token stored in the app, the app regularly requests the status of your test from the
    server system. The server system then informs the app of the current status (result not yet
    available / result available). As soon as your test result is available, the outcome (i.e.
    whether you have tested positive or negative for coronavirus) is also transmitted to the app. If
    you have enabled the test status notification (under “Settings” &gt; “Notifications”), you will
    be notified. The test result will not be displayed until you open the app.

</p>
<p>
    If you have tested positive for coronavirus, the app uses the token again to request a TAN
    (transaction number) from the server system. The TAN is required to ensure that no false
    warnings are transmitted to other users. For this purpose, the server system reassigns the token
    to the hashed code number and requests confirmation from the test result database that a
    positive test result really does exist for the hashed code number. If this is confirmed, the
    server system generates the TAN and transmits it to the app. A copy of the TAN remains on the
    server system.
</p>
<p>
    The test results are also stored in your contact journal.
</p>
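<p>
    The exchange described in this section (hashed code number, token, test status, TAN), modelled
    as an added example that is not the Corona-Warn-App's or the RKI's own code. The use of SHA-256,
    the class and function names, the single-use handling of the TAN and the sample code number are
    assumptions made for the illustration.
</p>

```python
import hashlib
import secrets


def hash_code_number(code_number):
    # SHA-256 is an assumption; the notice only says the code number is hashed.
    return hashlib.sha256(code_number.encode("utf-8")).hexdigest()


class ResultDatabase:
    """Test result database: results are filed and looked up by hashed code number only."""

    def __init__(self):
        self._results = {}

    def file_result(self, code_number, outcome):
        # The testing facility derives the same hash from the same QR code.
        self._results[hash_code_number(code_number)] = outcome

    def lookup(self, hashed_code):
        return self._results.get(hashed_code)  # None: result not yet available


class ServerSystem:
    """Links tokens to hashed code numbers and issues TANs for confirmed positives."""

    def __init__(self, result_db):
        self._db = result_db
        self._token_to_hash = {}
        self._used_hashes = set()
        self._tans = set()

    def register(self, hashed_code):
        # A QR code becomes invalid once it has been used to obtain a token.
        if hashed_code in self._used_hashes:
            raise PermissionError("QR code has already been used")
        self._used_hashes.add(hashed_code)
        token = secrets.token_urlsafe(32)
        self._token_to_hash[token] = hashed_code
        return token

    def _resolve(self, token):
        hashed_code = self._token_to_hash.get(token)
        if hashed_code is None:
            raise PermissionError("unknown token")
        return hashed_code

    def test_status(self, token):
        outcome = self._db.lookup(self._resolve(token))
        return {"available": outcome is not None, "outcome": outcome}

    def request_tan(self, token):
        # The token is mapped back to the hashed code number and the database
        # must confirm a positive result before a TAN is generated.
        if self._db.lookup(self._resolve(token)) != "positive":
            raise PermissionError("no confirmed positive result for this token")
        tan = secrets.token_hex(16)
        self._tans.add(tan)  # a copy of the TAN remains on the server system
        return tan

    def redeem_tan(self, tan):
        # Assumption: a TAN is accepted once and then discarded.
        if tan in self._tans:
            self._tans.remove(tan)
            return True
        return False


class App:
    """Client side: keeps only the token, never the code number."""

    def __init__(self, server):
        self._server = server
        self.token = None

    def scan_qr(self, code_number):
        # Only the hash leaves the device; the code number is not stored.
        self.token = self._server.register(hash_code_number(code_number))

    def poll(self):
        return self._server.test_status(self.token)

    def request_tan(self):
        return self._server.request_tan(self.token)


def run_demo():
    db = ResultDatabase()
    server = ServerSystem(db)
    code = "constructed-code-number-0001"  # constructed sample value
    app = App(server)
    app.scan_qr(code)
    before = app.poll()
    try:
        App(server).scan_qr(code)  # a second device scanning the same QR code
        reuse_blocked = False
    except PermissionError:
        reuse_blocked = True
    db.file_result(code, "positive")
    after = app.poll()
    tan = app.request_tan()
    return {"before": before, "reuse_blocked": reuse_blocked, "after": after,
            "tan_accepted": server.redeem_tan(tan),
            "tan_replayed": server.redeem_tan(tan)}


if __name__ == "__main__":
    print(run_demo())
```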
<h3>
    c. Proof of a rapid test result
</h3>
<p>
    If you retrieve the result of a rapid antigen test and, when you were at the testing facility,
    you selected the option to have your name displayed in the event of a negative test result, then
    a negative result will be displayed along with your name, date of birth and the time you were
    tested. To do this, the app uses the corresponding rapid test data which it reads when scanning
    the QR code. The rapid test data will be deleted as soon as the negative rapid test result is no
    longer displayed in the app.
</p>
<p>
    If necessary, you can show the test result displayed in the app to prove to third parties that
    you took a rapid test and the result of that test was negative. Please find out about applicable
    requirements for the recognition of digital test certificates where you are located. Please
    note:
</p>
<ul>
    <li>The RKI cannot guarantee that a rapid test result displayed in the app will be recognised by
        the competent authorities and other authorised bodies that may or must require you to
        provide proof of testing (e.g. shops, employers).
    </li>
    <li>You are not obliged to use the app’s certification feature. If you have to prove your test
        result to third parties, you can also present the proof in another form subject to the legal
        requirements (which may vary depending on the federal state).
    </li>
</ul>
<p>
    Your name will not be displayed if you retrieve a positive rapid test result. In this case, your
    name and date of birth will be immediately deleted from the app memory. Your other rapid test
    data (code, time you were tested) will be deleted as soon as the positive rapid test result is
    no longer displayed in the app.
</p>
<p>
    The rapid test results are also stored in your contact journal.
</p>
<h3>
    d. Rapid test profile

</h3>
<p>
    The rapid test profile feature offers you the possibility to speed up data collection at
    participating testing points. To do this, you can store information about yourself in your rapid
    test profile in the app and convert it into your personal QR code, which contains all the data
    you have entered. At the testing point, you can present your rapid test profile’s QR code in
    your app so that it can be scanned by testing point staff, allowing the data you have provided
    to be read. This is a quick and secure way for you to provide the data required to perform a
    rapid test. You decide yourself which data you include in your rapid test profile and whether to
    present it at testing points. If the testing point requires information that is not contained in
    the QR code, you can provide the information to the testing point in another way.
</p>
<h3>
    e. Warning others

</h3>
<p>
    If you have tested positive for coronavirus and share your random IDs with the app, then it is
    possible to warn other users whom you have encountered. In addition, users who were checked in
    at the same events or places at the same time as you will be warned. In this case, the app
    transmits the following data to the server system:
</p>
<ul>
    <li>
        Your own random IDs from the last 14 days
    </li>
    <li>
        The event IDs of events or places where you have checked in during the last 14 days,
        including the recorded check-in and check-out times
    </li>
    <li>
        Any information about the onset of symptoms
    </li>
    <li>
        Your TAN (see Section 6&nbsp;b.).
    </li>
</ul>
<p>
    Before passing on your test result (more precisely: before transmitting your random IDs and
    event IDs, including the recorded check-in and check-out times) to the server system, the app
    adds a transmission risk value to the data and also specifies the type of test performed. The
    transmission risk value is an estimate of how infectious you were on each day of the 14-day
    period. Since how infectious a person is or was depends on the duration and course of the
    infection, it can be taken into account, for example, that the more time has passed since the
    onset of symptoms, the lower the risk of a person spreading the virus on the day of a possible
    exposure. These additional transmission risk values allow a more precise determination of the
    likelihood that you have infected other users.
</p>
<p>
    The information requested by the app about the onset of symptoms is optional. However, this
    information may help to calculate the transmission risk value even more accurately. If you do
    not provide information about your symptoms, then the transmission risk values will be
    calculated assuming a typical case of infection with coronavirus, i.e. the more time has passed
    since a random ID was used, the lower the associated transmission risk value.

</p>
<p>
    <u>If you have not retrieved your test result in the app:</u>

</p>
<p>
    You can also warn others if you have not retrieved the positive test result in the app, e.g.
    because you did a self-test at home or because you did not receive a QR code from the testing
    facility.<br>
    To do this, select the procedure “Positive self-test?” or “Positive test and no result in the
    app?”.
</p>
<h3>
    f. Using the app for information purposes only

</h3>
<p>
    The app automatically receives the daily statistics that appear in the app
    via the server system. This generates access data. Websites linked in the app, such as
    <a href="http://www.bundesregierung.de/breg-en/">www.bundesregierung.de/breg-en</a>, are opened
    and displayed in your standard browser (Android smartphones) or within the app (iPhones). Which
    data is processed in this context depends on the respective providers of the websites accessed.

</p>
<h3>
    g. Contact journal

</h3>
<p>
    The contact journal is an additional feature of the app. What you enter in the contact journal
    serves as a reminder for you, and can only be accessed by you. If you later test positive for
    coronavirus and the public health office (Gesundheitsamt) requires your assistance with contact
    tracing, then you can provide the information that it needs more quickly. If the app calculates
    an elevated risk for you for a particular day, then seeing this information may help you to warn
    the people you have had contact with early on. This will give your contacts the chance to decide
    whether to change their plans if necessary, i.e. to meet up with fewer people and thus reduce
    the risk of causing undetected infections.

</p>
<h3>
    h. Digital COVID certificates

</h3>
<p>
    The app allows you to save your digital COVID certificates, keep them with you in electronic
    form and use them for certificate verification purposes when booking tickets.
</p>
<p>
    A digital COVID certificate is proof that a person has
</p>
<ul>
    <li>Been vaccinated against COVID-19 (COVID vaccination certificate)</li>
    <li>Tested negative for COVID-19 (COVID test certificate) or</li>
    <li>Recovered from a COVID-19 infection (COVID recovery certificate).</li>
</ul>
<p>
    Digital COVID certificates have been valid within the European Union (EU) since 1 July 2021 as
    certification of COVID-19 vaccination and testing, and of recovery from COVID-19 infection. The
    official name is “EU Digital COVID Certificate” (COVID Certificate).
</p>
<p>
    A COVID Certificate can be obtained on request after a vaccination, a test or after recovering
    from a confirmed case of COVID-19, from a competent entity (vaccination centres, testing points,
    doctors or pharmacies). You can also request a COVID test certificate directly in the app when
    you register a test. To do this, scan the QR code you received during the test. The app will
    read the information about your test from the QR code and receive the test result from the
    server. If you have taken a PCR test, retrieving the result and the COVID test certificate is
    additionally secured by means of your date of birth. A security code is generated from your date
    of birth (in the form of what’s known as a hash value) and compared with the RKI server. This
    ensures that no one else can retrieve your test result. The test certificate is stored in a
    secure area on your smartphone after the test result is retrieved. If you retrieved a positive
    test result, no COVID test certificate will be generated. Your current COVID test certificate
    will be displayed on the app’s home screen and in the “Certificates” section and can also be
    accessed via the test result.
</p>
<p>
    You can use a COVID Certificate in paper form or carry it with you in electronic form on your
    smartphone. Each certificate contains a QR code with an electronic signature from the RKI to
    protect against forged certificates. If you would like to save a COVID Certificate on your
    smartphone, you can simply scan the QR code with the app. The app then securely stores an
    electronic version of the COVID Certificate on your smartphone. To prevent unwanted access to
    the certificates stored on your smartphone, you should set up a code lock on the device.
</p>
<p>
    Please note that the QR codes on the COVID Certificates contain health data (data about
    coronavirus vaccinations, coronavirus test results or past coronavirus infections). You should
    only show the certificates and QR codes if you want to provide appropriate proof. Do not provide
    QR codes to anyone if you do not want the data to be read.
</p>
<p>
    You can use the app to scan your own printed COVID Certificates and those of family members
    (family certificates) and store them in encrypted form on your smartphone. You should show
    family certificates only when necessary for your family members to exercise their rights, such
    as when dining out or travelling together.
</p>
<p>
    In order to prove to third parties – in the situations where this is required by law – that you
    have been vaccinated, have tested negative, or have recovered from COVID-19, you can show the
    relevant COVID Certificate to the person performing the check. If the person performing the
    check uses a special verification app (such as the RKI’s CovPassCheck app), it is sufficient to
    show the QR code of the certificate and have it scanned.
</p>
<p>
    The QR code is the COVID Certificate in digital form and contains only the information necessary
    for the specific type of certificate (see also Section 5 h.–j.).
</p>
<p>
    The verification app allows, for example, authorities, travel companies and other service
    providers in the EU to scan the QR code of a COVID Certificate presented to them, in order to
    check its validity. During the verification, the data contained in the certificate is read. The
    verification app will only show whether the certificate provided is valid. If the certificate is
    valid, the name and date of birth of the certificate holder will also be disclosed, as will
    whether or not it is a test certificate. In the case of test certificates, the time of sampling
    will also be displayed.
</p>
<p>
    The name and date of birth of the certificate holder are displayed so that the person performing
    the check can compare this information with proof of identity (e.g. passport or ID card). A
    notification of whether the certificate is a test certificate and the time of sampling are
    necessary to enable the person performing the check to assess whether the test result on which
    the certificate is based is still valid.
</p>
<p>
    To protect against forged certificates, it is necessary to verify the authenticity of the stored
    COVID Certificates. The electronic signature contained in a certificate’s QR code is used for
    this purpose. The electronic signature is generated by the RKI when creating the COVID
    Certificate on the basis of the data contained in the certificate (see also Section 5 h.–j.).
    The signature is a special type of encryption that allows the RKI to confirm that the
    certificate is an official digital document created by the RKI.
</p>
<p>
    The RKI also provides the corresponding public keys from the authorities that issue certificates
    (in Germany, this is the RKI). These public keys can be used to check whether a certificate’s
    electronic signature actually originates from the issuing authority and whether the certificate
    has been manipulated since being signed electronically.
</p>
<p>
    The app regularly downloads the public keys in the background and stores them locally on your
    smartphone. This allows the app to check the validity of the electronic signature and thus the
    authenticity of the stored certificates. The public keys do not contain any personal data.
</p>
<p>
    You can use the app to check whether the COVID Certificates stored in the app are valid. EU
    countries may adopt their own rules for the validity of COVID Certificates. For example, test
    certificates may be valid for a longer period in some EU countries than in others. The EU
    countries exchange these rules via a common exchange server. Before starting a trip, you can
    therefore use the app to check whether your certificates are valid in the destination country.
</p>
<p>
    If you want to check whether a COVID Certificate is valid, your app downloads the current rules
    of all Member States from the app’s server system. The app then uses the data contained in a
    certificate to check whether that certificate complies with the rules before showing you the
    corresponding result. The subsequent verification takes place exclusively offline in the app and
    no data is passed on here to the RKI or other recipients (other health authorities in Germany or
    other countries, Apple, Google and other third parties).
</p>
<p>
    Please note that entry rules are subject to change and additional rules may apply both in the
    destination country and when you return. Guidance on entry requirements can also be found on
    this EU website: <a href="https://reopen.europa.eu/en">https://reopen.europa.eu/en</a>.
</p>
<p>
    In addition, the app can remind you to check stored vaccination certificates if you received
    your last vaccination a long time ago. If you have enabled notifications in the app (under
    “Settings” &gt; “Notifications”), you will be notified in such cases. The app downloads the current
    rules on booster vaccination recommendations from the server system at regular intervals. The
    app then uses the data contained in the certificates to check whether a booster vaccination is
    recommended soon. This check also takes place exclusively offline in the app and no data about
    the vaccination is passed on to the RKI.
</p>
<p>
    You have the option of exporting a certificate stored in the app, in order to print it out and
    use the paper version (e.g. when travelling for extended periods) or scan the certificate
    afterwards with a new smartphone and store it again as an electronic version in the app (e.g. if
    you get a new smartphone). The “Create EU printout” feature uses the data of the certificate
    stored in the app in order to create a PDF file. This processing is performed only offline on
    your smartphone. You then have the option of storing this PDF file. Creating an EU printout is
    voluntary. The PDF document contains sensitive health data (data about coronavirus vaccinations,
    test results or recovery from confirmed cases of coronavirus). Therefore, please keep the stored
    or printed certificate safe and do not publish or share the document.
</p>
<h3>
    i. Revocation of digital COVID certificates
</h3>
<p>
    To protect the health of certificate holders and the general public, it may become necessary to
    revoke certain digital COVID certificates. This is the case, for example, if an entity (e.g.
    pharmacy) has issued incorrect or fraudulent certificates. Revocation will result in the
    certificate becoming invalid and no longer being accepted when verified. It does not matter
    whether the certificate is presented in electronic form on a smartphone or on paper during the
    verification.
</p>
<p>
    If you have stored a revoked COVID certificate in the app, it will show as “invalid”. If you
    have enabled notifications in the app (under “Settings” &gt; “Notifications”), you will be notified
    if your certificate is revoked.
</p>
<p>
    To determine whether a COVID certificate stored in the app has been revoked, the app downloads a
    revocation list from the server system at regular intervals. The revocation list does not
    contain any personal data, but only a small subsection from the unique identifier of the revoked
    certificates. This subsection is identical for all COVID certificates issued by the same entity.
    The app then compares this subsection with the unique identifier of the certificates stored on
    the smartphone. If there is a match, the certificate in question will be shown as invalid in the
    app. However, the revoked digital COVID certificate itself is not changed. This comparison takes
    place exclusively offline in the app and no data about this process is passed on to the RKI.
</p>
<h3>
    j. Data sharing
</h3>
<p>
    Data sharing is a voluntary additional feature of the app. The usage data and other voluntary
    information transmitted to the RKI by the data sharing feature are used to assess the
    effectiveness of the app and enable the following improvements:
</p>
<ul>
    <li>
        Improving exposure logging – The aim is to improve the accuracy and reliability of the
        technical calculation of risks of infection. For this purpose, information about possible
        exposures and warnings displayed to you is analysed. The calculation method can then be
        fine-tuned.
    </li>
    <li>
        Improving app navigation for users – The aim is to make it easier to use the app. For this
        purpose, information about the individual steps that users take in the app is analysed. This
        makes it possible to make labels and texts clearer, and buttons can be placed in such a way
        that they can be found more easily. In addition, displays can be customised for different
        smartphone models.
    </li>
    <li>
        Providing information and assistance with the app – The aim is to identify whether there are
        problems when the app is used, for example with certain testing facilities and laboratories
        or in certain regions. This can be determined if, for example, the data sharing feature
        reveals that test results are available later in certain regions than in others. In this
        way, the competent health authorities can also be specifically informed of potential
        technical disruptions.
    </li>
    <li>
        Improving statistics about the pandemic – The data can provide information about the
        temporal and spatial distribution of certain events in the pandemic and allow the
        authorities to respond more quickly to certain developments.
    </li>
</ul>
<p>
    The usage data and other voluntary information will be stored and analysed without any
    connection to your name or identity. This means the RKI will not find out who you are or who you
    have met. To enable the data sharing feature, the authenticity of your app first needs to be
    confirmed (please note the further information about this under Sections 6 n. and 10).

</p>
<h3>
    k. Verifications of certificates for ticket bookings
</h3>
<p>
    When you book a ticket with a travel or event company or other provider, you can use the app to
    submit a digital COVID certificate to the provider’s verification partner so that it can verify
    the validity of the certificate for your booking with the travel or event company.
</p>
<p>
    To do this, you will need to have added a digital COVID certificate in the app. The app will ask
    the provider for the booking information to be used for verification and suggest a suitable
    certificate based on this information. You can then select this and send it to the verification
    partner together with the booking information made available by the provider (see Section 5 k.).
</p>
<p>
    The verification partner will check whether the certificate’s electronic signature is genuine
    and that the technical expiration date has not passed. The verification partner will immediately
    inform the provider of the result of this verification. The only information communicated will
    be whether the verification was successful or not. You will also be shown the result of the
    verification in the app.
</p>
<p>
    The booking information made available by the provider is only processed locally in the app.
    This means the RKI cannot tell which certificates you have selected and had verified or which
    trips or events you have booked.
</p>
<p>
    The RKI is not responsible for the data processing performed by the provider and the
    verification partner. Please read their privacy notices so that you know what your data is used
    for and how it is used.
</p>
<h3>
    l. Error reports
</h3>
<p>
    The RKI strives to offer a bug-free app. However, due to the large number of different systems
    involved, this cannot always be guaranteed. To assist the app’s technical support team with
    error analysis, you can send an error report that has been recorded in your app to the RKI. The
    RKI will analyse the error report in order to be able to identify and eliminate the cause of the
    errors that occur in your app.
</p>
<p>
    For the error analysis, the error reports will be temporarily stored and analysed without any
    connection to your name or identity. This means the RKI will not find out who you are or who you
    have met. Please note that if you provide your error report ID to the technical support team
    (e.g. by email), this may reveal information about your identity.
</p>
<p>
    Creating and sending an error report to the RKI is voluntary. You decide yourself whether you
    want to record an error report and send it to the app’s technical support team. To send the
    error report, the authenticity of your app first needs to be confirmed (please note the further
    information about this under Sections 6 n. and 10).
</p>
<h3>
    m. Surveys
</h3>
<p>
    Participation in surveys is voluntary. You decide yourself whether you want to participate in
    a survey and whether data should be transmitted to the RKI for this purpose. The surveys take
    place on a website outside of the app, which you will be redirected to. The purposes of an RKI
    survey are described in the information about the survey on the survey website. To enable
    participation in a survey, the authenticity of your app first needs to be confirmed (please
    note the further information about this under Sections 6 n. and 10).

</p>
<h3>
    n. Confirmation of the authenticity of your app

</h3>
<p>
    A feature of your smartphone’s operating system is used to confirm the authenticity of your
    app. This ensures that only app users whose app is functioning properly can share their data
    or participate in surveys. This prevents the statistics and survey results from being distorted.
    The authentication is also used in the context of sending error reports to ensure that only
    records from a genuine app can be sent and to prevent misuse of this feature. In addition, the
    authentication is used in the event of a warning triggered using a positive test result
    that was not retrieved in the app. Here, the confirmation ensures that such a
    warning can only be triggered once in a three-month period. This serves to protect the
    technical infrastructure and other users of the app from being flooded with fake warnings.
</p>

<p>
    Please note that your operating system provider can learn that your smartphone has performed
    the authentication and can thereby infer your identity or the context of the check
    (e.g. warning other users).<br>
    Whatever the context, using the feature for confirming the authenticity of your app is
    voluntary. If you do not agree to the confirmation of the authenticity of your app and the
    possible transfer of data from your operating system to countries outside the EU, you will
    not be able to participate in data sharing or surveys, or send error reports. However, you can
    also warn other users without confirming the authenticity of your app, if you have an official
    test carried out at a testing facility and use the QR code to register that test in the app.
</p>
<h3>
    o. Update feature for COVID certificates

</h3>
<p>
    The app may offer you the option to update a valid digital COVID certificate. If, for
    example, the EU Member States decide to change the content or structure of the data in the COVID
    certificate, then it may be necessary to apply that formal or technical change to an existing,
    valid digital COVID certificate so that you can continue to use it without any problems.
</p>
<p>
    To do this, the app automatically downloads the current formal and technical specifications for
    digital COVID certificates from the app’s server system. The app then uses the data contained in
    the digital COVID certificates you have stored to check whether it is possible to update a
    stored digital COVID certificate via the app. If this is the case, you will then be advised of a
    possible update. For the update, with your consent, the digital COVID certificate to be updated
    will be transmitted from the app to the app’s server system in encrypted form. If the digital
    COVID certificate to be updated is a COVID vaccination certificate proving a booster
    vaccination, then the digital COVID certificates proving the basic immunisation or recovery
    prior to the booster vaccination will also be transmitted to the app’s server system in the
    process. The validity of the transmitted digital COVID certificates will then be checked there
    (see Section 6 h.). A new version of the COVID vaccination certificate for the booster
    vaccination will be generated using the data from the transmitted digital COVID certificates.
    During the update, the data in the transmitted COVID certificates (see Sections 5 h. and 5 i.)
    will be processed for a short time. The updated COVID certificate will then be sent back to your
    app.
</p>
<p>
    To prevent users from using the update feature several times, which is not
    permitted, the electronic signatures of the updated and new digital COVID certificates are
    temporarily stored on the app’s server system by means of special one-way encryption (what’s
    known as a hash value). This means that the app performs a certain mathematical procedure in
    order to convert the electronic signature in such a way that it can no longer be identified. The
    hash value cannot be used to infer the data in the relevant digital COVID certificate or other
    information about you. However, it is still possible to clearly assign the hash value to the
    updated digital COVID certificate. The hash values will be deleted again 365 days after the
    update.
</p>
<h2>
    7. What permissions does the app require?

</h2>
<p>
    The app requires access to a number of your smartphone’s features and
    interfaces. For this purpose, you need to grant the app certain
    permissions. The permission system depends on your operating system’s
    specifications. For example, your smartphone may combine individual
    permissions into permission categories, where you can only agree to the
    permission category as a whole. Please note that without the permissions
    requested by the app, you will not be able to use some or all of the app
    features.

</p>
<h3>
    a. Technical requirements (all smartphones)

</h3>
<ul>
    <li>
        The app requires an internet connection in order to exchange data with the server system. In
        particular, this allows the app to download up-to-date information from the RKI’s server
        system (e.g. the latest key information, revocation lists).
    </li>
    <li>
        The Bluetooth feature must be enabled so that your smartphone can
        transmit its own random IDs and record the random IDs of other
        smartphones.
    </li>
    <li>
        The app needs to be able to run in the background on your smartphone in
        order to automatically identify your risk of infection and check the
        status of your test. If you deny the app permission to run in
        the background, then you must start all actions in the app itself.
    </li>
</ul>
<h3>
    b. Android smartphones
</h3>
<p>
    If you are using an Android smartphone, the following system features must
    also be enabled:
</p>
<ul>
    <li>
        The Android COVID-19 exposure notification system (COVID-19 Exposure
        Notifications)
    </li>
    <li>
        If you have a smartphone running on Android version 10 or lower,
        location services need to be enabled for your smartphone to search for
        Bluetooth signals from other smartphones. Please note that no location
        data is collected in this process.
    </li>
    <li>
        The notification feature must be enabled so that you can be notified of changes to your risk
        of infection and the status of test results. The notification feature is enabled by default
        in the operating system.
    </li>
</ul>
<p>
    The app also requires the following permissions:
</p>
<ul>
    <li>
        The features for retrieving a test result, checking in at an event, and adding certificates
        require access to the camera in order to scan QR codes. To be able to open a photo of a QR
        code in the app, access to the photos, media and files stored on the smartphone is required.
    </li>
</ul>
<h3>
    c. iPhones (Apple iOS)

</h3>
<p>
    If you are using an iPhone, the following system features must be enabled:
</p>
<ul>
    <li>
        The iOS COVID-19 exposure notification system (Exposure Notifications)
    </li>
    <li>
        Notifications must be enabled so that you can be notified of changes to
        your risk of infection and the status of your test.
    </li>
</ul>
<p>
    The app also requires the following permissions:
</p>
<ul>
    <li>
        The features for retrieving a test result, checking in at an event, and adding certificates
        require access to the camera in order to scan QR codes. To be able to open a photo of a QR
        code in the app, access to the photos stored on the smartphone is required.
    </li>
</ul>

<h2>
    8. When will your data be deleted?

</h2>
<p>
    The storage period depends on the purposes or app features for which your data has been stored.
    When determining the storage period, the RKI takes into account the latest scientific findings
    on the incubation period (i.e. the period between exposure to infection and the appearance of
    the first symptoms, which is up to 14 days) as well as on how long there is a risk of an
    infected person infecting someone else after the end of the incubation period. Unless otherwise
    specified under Section 6, the following storage periods apply:
</p>

<h3>
    a. Data on your smartphone

</h3>
<p>
    The positive lists are deleted from the app memory after 14 days. Event data under “My
    check-ins” is automatically deleted after 14 days. Alternatively, you can delete entries under
    “My check-ins” manually at any time. The infection risk determined for you (e.g. “low risk”) is
    deleted from the app memory after each update, but after 14 days at the latest. If you have
    retrieved a positive test result, the token in the app memory is deleted as soon as you activate
    the warning feature or remove the test from the app. Your entries in the contact journal will be
    stored on your smartphone for 16 days before being automatically deleted. You can also delete
    these entries yourself at any time. Please note that if entries are added to the contact journal
    when you check in at an event or place, these will still be stored there even after you delete
    the associated check-in. Once you have created your rapid test profile, it will be stored in the
    app until you delete it yourself. Once you have scanned your COVID vaccination, test or recovery
    certificates, including family certificates, these will also be stored in the app until you
    delete them yourself. Please delete family certificates when you no longer need them for their
    intended purposes. The booking information will be deleted once the certificate verification is
    complete.
</p>

<h3>
    b. Data on server systems

</h3>
<p>
    In the case of updating a digital COVID certificate (see Section 6 o.), the digital COVID
    certificates transmitted to the app’s server system for the update will be deleted again after
    the update process is completed. The hash values of the electronic signatures of the updated and
    new digital COVID certificates will be deleted after 365 days.
</p>
<p>
    Positive lists are deleted from all server systems (including the exchange server) after 14
    days. All other data, with the exception of data transmitted by the data sharing feature and to
    confirm the authenticity of your app, will be deleted after 21 days at the latest.

</p>
<h3>
    c. Data sharing

</h3>
<p>
    Usage data and other voluntary information transmitted to the RKI by the data sharing feature
    will be deleted after 180 days.
</p>
<h3>
    d. Error reports
</h3>
<p>
    You can delete a recorded error report on your smartphone at any time. Error reports that you
    have sent to the technical support team will be deleted after 14 days at the latest.
</p>
<h3>
    e. Authentication by the operating system
</h3>
<p>
    The identifier generated by your smartphone to confirm the authenticity of your app will be
    deleted from the server system 30 days after transmission to the RKI.
</p>
<h2>
    9. Who will receive your data?

</h2>
<p>
    If you warn other users of a positive PCR test via the app, your test result (in the form of
    your random IDs from the last 14 days) as well as optional information you provide about the
    onset of your symptoms and event IDs will be forwarded to the server system and then to users of
    the Corona-Warn-App as part of the positive lists.
</p>
<p>
    The RKI has commissioned T-Systems International GmbH and SAP Deutschland SE & Co. KG to operate
    and maintain part of the technical infrastructure of the app (e.g. server system, hotline),
    meaning that these two companies are processors under data protection law and acting on the
    RKI’s behalf. Otherwise, the RKI will only pass on your data collected in connection with your
    use of the app to third parties if the RKI is legally obliged to do so or if this is necessary
    for legal action or criminal prosecution in the case of attacks on the app’s technical
    infrastructure. In other cases, personal data will not generally be passed on by the RKI.
</p>
<p>
    If, in the situations where it is required by law, you present a COVID certificate to other
    persons or entities (for example, European border authorities or service providers), they will
    become aware of all the data contained in the certificate.
</p>
<p>
    You can prevent this by only presenting the QR code of the COVID certificate in the app, so that
    it can be scanned using a verification app (e.g. as proof of your vaccination status and
    entitlement to certain exemptions under coronavirus restrictions). Then, only the data contained
    in the QR code will be read. Here the verification app will only show whether the certificate
    shown is valid, together with an explanation of the result. In the case of a valid certificate,
    the name and date of birth of the certificate holder are additionally displayed in the
    verification app, so that the person performing the check can compare this information with
    proof of identity (e.g. passport or ID card). In addition, it is displayed whether the
    certificate is a test certificate or not. In the case of test certificates, the time of sampling
    is then also displayed so that the person performing the check can assess whether the underlying
    test result is still valid.
</p>
<p>
    During certificate verification for ticket bookings, your COVID certificates and booking
    information are transmitted to a verification partner used by the provider. The specific
    verification partner is displayed in the app before transmitting the information. To retrieve
    the individual booking information, the app transmits to the provider the booking identifier
    contained in the provider’s booking QR code.
</p>
<h2>
    10. Is your data transferred to countries outside the EU?

</h2>
<p>
    Users of the Corona-Warn-App can retrieve the latest positive lists regardless of where they are
    (even if they are abroad on holiday or on a business trip, for example).
</p>
<p>
    In addition, the confirmation of the authenticity of your app may involve the transfer of data
    to a country outside the EU. The identifier generated by your smartphone, which contains
    information about the version of your smartphone and the app, will be transmitted to the
    provider of your smartphone’s operating system (Apple or Google). This may result in data being
    transferred to third countries, in particular the US. There, the level of data protection may
    not be considered equivalent under European law and it may not be possible to enforce your
    European data protection rights. In particular, there is a possibility that once the transmitted
    data reaches the operating system provider, it may be accessed and analysed by security
    authorities in the third country, for example by linking the data with other information from
    other sources.
</p>
<p>
    Otherwise, the data transmitted by the app is processed exclusively on servers in Germany or in
    another country in the EU (or the European Economic Area), which are therefore subject to the
    strict requirements of the General Data Protection Regulation (GDPR).
</p>

<h2>
    11. How can you withdraw your consent?

</h2>
<p>
    You have the right to withdraw any consent you granted the RKI in the app at any time with
    effect for the future. Please note, however, that any processing of your data that has already
    been carried out cannot be reversed. In particular, once your random IDs have been transmitted,
    the RKI has no way of deleting these from other users’ smartphones.

</p>
<h3>
    a. Consent to “exposure logging”

</h3>
<p>
    You can withdraw your consent to the app’s exposure logging feature at any time by disabling the
    feature in the app’s settings or by deleting the app. If you would like to use the exposure
    logging feature again, you can re-enable the feature or reinstall the app.

</p>
<h3>
    b. Consent to “retrieving a test result”

</h3>
<p>
    You can withdraw your consent to the test result retrieval feature by displaying the test in the
    app and then deleting it. The token for retrieving the test result will consequently be deleted
    from the app memory, so that the token can no longer be assigned on the server system. It is not
    possible to assign the same test to your app again or to scan the same QR code again. If you
    have been tested again and wish to retrieve the test result, you will be asked for your consent
    again. If the test result is already available in the app, then you can no longer withdraw your
    consent.

</p>
<h3>
    c. Consent to “warning others”

</h3>
<p>
    If you would like to withdraw your consent to the transmission of your test result (or, more
    precisely, your consent to the transmission of your random IDs and event IDs, including the
    recorded check-in and check-out times, from the last 14 days) for warning other people, you can
    display the test and then disable “Warn others”. You can also delete entries for events or
    places under “My check-ins” and thus prevent data for these events from being used for warnings.
    This option is available as long as you have not yet transmitted your random IDs and event IDs
    to warn other users.

</p>
<p>
    After you have transmitted your random IDs, you can only withdraw your consent by deleting the
    app. Your random IDs already transmitted to the server system will consequently be deleted from
    the app memory and can no longer be assigned to you personally or your smartphone. If you wish
    to activate the warning feature again, you will need to reinstall the app and give your consent
    again. Once a test result has been assigned to your app and transmitted in order to warn others,
    it cannot be used again to warn others.
</p>
<p>
    If event IDs have already been transmitted to the server system, you can also delete them from
    the app memory, by deleting the entries for the events or places under “My check-ins”. Event IDs
    can then no longer be assigned to you personally or your smartphone.
</p>
<p>
    Once your random IDs, event IDs and transmission risk values have been transmitted, the RKI has
    no way of deleting them from the positive lists distributed by the server system or from users’
    smartphones. If you also wish to delete your exposure data stored in your smartphone’s COVID-19
    exposure notification system, you may be able to manually delete it in your smartphone’s system
    settings. Please also note the information in Section 5 b.

</p>
<h3>
    d. Consent to “event check-in”
</h3>
<p>
    You can delete entries for events or places at any time under “My check-ins”. This will prevent
    data about these events from being used, and event IDs from being assigned to you personally or
    your smartphone, if you warn others.
</p>
<h3>
    e. Consent to “data sharing”

</h3>
<p>
    You can withdraw your consent to the data sharing feature at any time by disabling the data
    sharing feature in the app’s settings. The app will then no longer transmit your usage data and
    other voluntary information to the RKI on a daily basis. If you would like to allow data sharing
    again, you can re-enable the feature in the settings.

</p>
<h3>
    f. Consent to “error reports”
</h3>
<p>
    You can withdraw your consent to the analysis of error reports already submitted to the RKI by
    informing the technical support team that you no longer wish to have the error report analysed,
    stating your error report ID. Your error report will then be deleted. Please note that the RKI
    may learn your identity in the process. If you do not provide your error report ID to the
    technical support team, the submitted error report will be automatically deleted after 14 days.
</p>
<h3>
    g. Consent to “survey participation”
</h3>
<p>
    You do not give your consent to participate in an RKI survey in the app, but via the website on
    which the survey is conducted. There you will also find information about how you can withdraw
    your consent.

</p>
<h3>
    h. Consent to “confirmation of the authenticity of your app”

</h3>
<p>
    If you withdraw your consent to the confirmation of your app’s authenticity, this will not
    directly affect the related data processing. The transmission of the identifier generated by
    your smartphone to the provider of your smartphone’s operating system, and the verification
    and confirmation of the authenticity of your app, take place immediately after you have given
    your consent.

</p>
<h3>
    i. Consent to “COVID certificate updates”

</h3>
<p>
    Because the update of a digital COVID certificate is carried out immediately after you have
    given your consent, it will not be possible to withdraw your consent. If the update was not
    successful or you wish to update another digital COVID certificate, you will need to give
    separate consent for each individual update process.
</p>
<h2>
    12. What other rights do you have under data protection law?

</h2>
<p>
    If the RKI processes your personal data, you also have the following data
    protection rights:
</p>
<ul>
    <li>
        The rights under Art. 15, 16, 17, 18, 20 and 21 GDPR,
    </li>
    <li>
        The right to contact the official
        <a href="https://www.rki.de/DE/Content/Institut/OrgEinheiten/Datenschutz/Datenschutz_node.html">
            RKI data protection officer</a>
        and raise your concerns (Art. 38(4) GDPR) and
    </li>
    <li>
        The right to lodge a complaint with a data protection
        supervisory authority. To do so, you can for example contact your local
        supervisory authority or the authority responsible for the RKI. The
        supervisory authority responsible for the RKI is the Federal
        Commissioner for Data Protection and Freedom of Information,
        Graurheindorfer Straße 153, 53117 Bonn.
    </li>
</ul>
<p>
    Please note that the rights mentioned above can only be fulfilled if the
    data on which your claim is based can be clearly assigned to you. This
    would only be possible if the app were used to collect further personal
    data that would allow the data transmitted to the server system to be
    clearly assigned to you or your smartphone. Since this is not necessary for
    the purposes of the app, the RKI is not obliged to collect such additional
    data (Art. 11(2) GDPR). Moreover, this would run counter to the stated
    objective of collecting as little data as possible. For this reason, it
    will generally not be possible to fulfil the above data protection rights
    even if you provide additional information about your identity.

</p>
<p>
    If the hash values of the electronic signatures are temporarily stored when a digital COVID
    certificate is updated, this does not enable the RKI to determine the identity of certificate
    holders (see Section 6 o.).
</p>
<h2>
    13. Data protection officer and contact

</h2>
<p>
    If you have any questions or concerns regarding data protection, you are
    welcome to send them to the RKI’s official data protection officer by post
    to Robert Koch-Institut, FAO the data protection officer, Nordufer 20,
    13353 Berlin, or by emailing <a href="mailto:datenschutz@rki.de">datenschutz@rki.de</a>.
</p>
